Lucene search

K
saintSAINT CorporationSAINT:D9B9FC84970C50AD5E593690D2A9D393
HistoryOct 30, 2013 - 12:00 a.m.

HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability

2013-10-3000:00:00
SAINT Corporation
www.saintcorporation.com
21

0.968 High

EPSS

Percentile

99.6%

Added: 10/30/2013
CVE: CVE-2013-2367
BID: 61506
OSVDB: 95824

Background

HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and application components.

Problem

HP SiteScope is vulnerable to remote code execution because the runOMAgentCommand in an APIBSMIntegrationImpl SOAP request does not properly sanitize user-supplied input. By supplying a windows shell command to the omHost key, an attacker can execute arbitrary commands with SYSTEM privileges.

Resolution

Upgrade to SiteScope v11.22 or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-205/&gt;

Limitations

This exploit was tested against HP SiteScope 11.20 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows

0.968 High

EPSS

Percentile

99.6%